On Monday, April 12, 2004, 8:10:41 PM, William Stearns wrote:
Good evening, all,

It's still early in the project, but a few quick observations. Using dnstop and tethereal, I've seen that in the last 24 hours we've had 570K DNS queries to slart, the 5th/6th nameserver for {sa,sc}.surbl.org. 84% of those - 475K queries - have been to surbl.org. The next closest was in-addr.arpa with 12K and 7500 or less for everything else (that "everything else" category includes being a primary or secondary for 130 other domains and the primary nameserver for 28 machines). Of that 475K, 400K were to sc.surbl.org and 43K to sa.surbl.org. I suppose the rest were to jeff.chan.rox.surbl.org. *smile* [ :blush: -- Jeff C.] More recent nameserver stats show the RBL is hovering around 90.2% of the queries to that nameserver.

Oh, and did I mention that the nameserver is running on one of 27 User-Mode Linux virtual machines (*) running on top of a dual 1.4GHz P3? The host machine load runs from 3.0 - 5.0 (but 2 of that is from the distributed.net CPU sponge, so really the load is 1.0 - 3.0). It'll be interesting to see just how high the load goes as more people come on, especially when SA 3.0 comes out. *gulp* :-)

Cheers,
- Bill

Thanks for the timely stats Bill! Someone just inquired what would be involved in being a secondary. I will forward him your data.
We will definitely be needing more secondaries.
We could increase the TTL on sc to something higher, but that could add some latency to the catching of new domains. 10 minutes is pretty short, but there are other RBLs with short TTLs. Here's a sample of some others. Comments welcome:

sc.surbl.org
        origin = ns1.freeapp.net
        mail addr = zone.surbl.org
        serial = 1081827731
        refresh = 600 (10M)
        retry = 300 (5M)
        expire = 604800 (1W)
        minimum ttl = 600 (10M)

list.dsbl.org
        origin = a.list.ns.dsbl.org
        mail addr = admin.dsbl.org
        serial = 1080300617
        refresh = 600 (10M)
        retry = 300 (5M)
        expire = 86400 (1D)
        minimum ttl = 600 (10M)

sbl.spamhaus.org
        origin = need.to.know.only
        mail addr = hostmaster.spamhaus.org
        serial = 2004032608
        refresh = 3600 (1H)
        retry = 900 (15M)
        expire = 604800 (1W)
        minimum ttl = 300 (5M)

dnsbl.njabl.org
        origin = ns1.njabl.org
        mail addr = help.njabl.org
        serial = 1080298387
        refresh = 10800 (3H)
        retry = 1800 (30M)
        expire = 720000 (1w1d8h)
        minimum ttl = 900 (15M)

korea.blackholes.us
        origin = scarlatti.shakha.com
        mail addr = hostmaster.blackholes.us
        serial = 2003120601
        refresh = 3600 (1H)
        retry = 900 (15M)
        expire = 1209600 (2W)
        minimum ttl = 43200 (12H)

spam.dnsrbl.net
        origin = ns1.namesystems.net
        mail addr = dns@namesystems.net
        serial = 2004031600
        refresh = 3600 (1H)
        retry = 900 (15M)
        expire = 864000 (1w3d)
        minimum ttl = 3600 (1H)

hil.habeas.com
        origin = ns1.habeas.com
        mail addr = root.habeas.com
        serial = 33
        refresh = 3600 (1H)
        retry = 1200 (20M)
        expire = 604800 (1W)
        minimum ttl = 86400 (1D)

relays.ordb.org
        origin = a.ns.ordb.org
        mail addr = hostmaster.ordb.org
        serial = 1080300600
        refresh = 600 (10M)
        retry = 300 (5M)
        expire = 604800 (1W)
        minimum ttl = 1800 (30M)

Are there any DNS tricks for dealing with quickly changing zones other than short times?
Jeff C.
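
Added example, not part of the original message: a small parser for the SOA listings quoted above that ranks the lists by how long a newly added entry could go unseen. It assumes a secondary only learns of a change when it polls at the refresh interval, and that a resolver may keep a cached answer (including "not listed") for up to the minimum ttl; both are simplifying assumptions, and the function names are this example's own.

```python
import re

# SOA values copied from the listings in the message above.
SOA_TEXT = """
sc.surbl.org origin = ns1.freeapp.net mail addr = zone.surbl.org serial = 1081827731 refresh = 600 (10M) retry = 300 (5M) expire = 604800 (1W) minimum ttl = 600 (10M)
list.dsbl.org origin = a.list.ns.dsbl.org mail addr = admin.dsbl.org serial = 1080300617 refresh = 600 (10M) retry = 300 (5M) expire = 86400 (1D) minimum ttl = 600 (10M)
sbl.spamhaus.org origin = need.to.know.only mail addr = hostmaster.spamhaus.org serial = 2004032608 refresh = 3600 (1H) retry = 900 (15M) expire = 604800 (1W) minimum ttl = 300 (5M)
dnsbl.njabl.org origin = ns1.njabl.org mail addr = help.njabl.org serial = 1080298387 refresh = 10800 (3H) retry = 1800 (30M) expire = 720000 (1w1d8h) minimum ttl = 900 (15M)
korea.blackholes.us origin = scarlatti.shakha.com mail addr = hostmaster.blackholes.us serial = 2003120601 refresh = 3600 (1H) retry = 900 (15M) expire = 1209600 (2W) minimum ttl = 43200 (12H)
spam.dnsrbl.net origin = ns1.namesystems.net mail addr = dns@namesystems.net serial = 2004031600 refresh = 3600 (1H) retry = 900 (15M) expire = 864000 (1w3d) minimum ttl = 3600 (1H)
hil.habeas.com origin = ns1.habeas.com mail addr = root.habeas.com serial = 33 refresh = 3600 (1H) retry = 1200 (20M) expire = 604800 (1W) minimum ttl = 86400 (1D)
relays.ordb.org origin = a.ns.ordb.org mail addr = hostmaster.ordb.org serial = 1080300600 refresh = 600 (10M) retry = 300 (5M) expire = 604800 (1W) minimum ttl = 1800 (30M)
"""

# One SOA listing; \s+ between fields accepts one-line or multi-line layouts.
SOA_RE = re.compile(
    r"(?P<zone>\S+)\s+origin = (?P<origin>\S+)\s+mail addr = (?P<mail>\S+)\s+"
    r"serial = (?P<serial>\d+)\s+refresh = (?P<refresh>\d+) \([^)]*\)\s+"
    r"retry = (?P<retry>\d+) \([^)]*\)\s+expire = (?P<expire>\d+) \([^)]*\)\s+"
    r"minimum ttl = (?P<minimum>\d+) \([^)]*\)"
)
NUMERIC = ("serial", "refresh", "retry", "expire", "minimum")


def parse_soa(text):
    """Return one dict per SOA listing found in text, timers as int seconds."""
    records = []
    for match in SOA_RE.finditer(text):
        rec = match.groupdict()
        for key in NUMERIC:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def worst_case_delay(rec):
    """Seconds a new entry can stay invisible: secondary poll + resolver cache."""
    return rec["refresh"] + rec["minimum"]


def rank_by_delay(text):
    """Listings sorted from fastest to slowest worst-case propagation."""
    return sorted(parse_soa(text), key=worst_case_delay)


if __name__ == "__main__":
    for rec in rank_by_delay(SOA_TEXT):
        delay = worst_case_delay(rec)
        print(f"{rec['zone']:22} refresh={rec['refresh']:>6}s "
              f"min_ttl={rec['minimum']:>6}s worst-case={delay:>6}s")
```
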